legacy systems study - texas€¦ · full replacement, depending on the characteris-tics of the...
TRANSCRIPT
LEGACY SYSTEMS STUDY
Assessment and Recommendations
PUBLIC REPORT
Texas Department of Information Resources
October 1, 2014
Contents
Executive Summary ......................................................... 1 Project Objectives ..................................................... 1 Analysis Approach .................................................... 2 Assessment Results .................................................. 2 Recommendations.................................................... 3
High-Level Findings ......................................................... 6 Architecture Analysis ............................................... 6 Mission-Critical Applications .................................... 6 Hardware and Software Components by Primary Functional Category .................................... 7 Legacy Remediation Cost Estimate .......................... 8 Average Age of Hardware Components ................... 8
Recommendation 1 Determine the Impact of Identified Security Risks and Prioritize Mitigation .................................. 9
Recommendation 2 Develop a Legacy Modernization Roadmap Strategy .................................................................... 9
Recommendation 3 Leverage DIR to Establish a Statewide Application Development Framework, Standardization and Consolidation ........................ 10
Recommendation 4 Seek Commercial Off-the-Shelf Solutions over Custom-Developed Solutions ......................... 12
Recommendation 5 Consolidate Reporting and Analytics into Consolidated Business Intelligence Services .......... 12
Recommendation 6 Implement Application Portfolio Management Practices ................................................................. 13
Appendix Functional Category Definitions ............................. 15
_____
Legacy Systems Study DIR Enterprise Solution Services [email protected]
Texas Department of Information Resources 300 West 15th Street, Austin, TX 78711-3563 www.dir.texas.gov
Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Executive Summary 1
Executive Summary
Texas is a diverse state—from the geography of
the landscape to the people who live here—and
the needs of state agency systems to serve the
public are just as diverse. As electronic records
and online transactions increasingly become the
standard for state government operations and
statewide service delivery, it becomes more crit-
ical to understand the investment in and man-
agement of the supporting information systems.
The Legacy System Study (LSS) was created by
the 83rd Legislature (House Bill 2738) to evalu-
ate the composition of the state’s current tech-
nology landscape and determine how best to ap-
proach and make decisions about an aging infra-
structure. A legacy system is defined in statute
as a computer system or application program
that is operated with obsolete or inefficient
hardware or software technology.
Much like the physical infrastructure of public
bridges and roads, the information technology
(IT) infrastructure must be maintained to ensure
continuity of service to the public. Aging systems
that are either costly or inefficient in operations,
or which simply do not have manufacturer sup-
port for the software, need prioritized attention.
This report offers a snapshot of current State of
Texas legacy systems, along with recommenda-
tions for possible solutions to this critical and
timely issue.
The Texas Department of Information Resources
(DIR) was directed by the state legislature to per-
form a study detailing the use of legacy systems
and software by state agencies (excluding insti-
tutions of higher education and agencies that are
statutorily exempt from reporting information to
DIR).
DIR’s Enterprise Solutions Services (ESS) team
worked collaboratively with the legislatively
specified agencies throughout the process to
carry out the study in the following four phases:
1. Strategize—Analyze House Bill 2738, then
formulate a plan to collect data and report to
state leadership
2. Gather—Develop a data dictionary for con-
sistency and assist the agencies in gathering
data
3. Analyze—Validate and analyze the data sub-
missions, then formulate recommendations
4. Report—Develop an assessment report and
identify high-value remediation targets with
estimates of costs
DIR completed the first two phases. To complete
the final two phases, DIR partnered with a major
international technology advisory company to
ensure broad technology expertise in perform-
ing the analysis and reporting. The project
team—made up of representatives from both
parties—employed proven frameworks and
methodology for establishing remediation prior-
ities and recommendations.
Project Objectives
The overall objective of this project is to under-
stand, at a high level, the breadth and cost of leg-
acy system remediation and modernization
across State of Texas agencies. The objective of
the report is to provide state leadership with
data on whether to replace or update aging sys-
tems. Meeting these objectives included
Determining the size, maintenance cost, and
risk of legacy systems within the state based
on data collected
Applying a standard, adaptable, methodology
to standardize and prioritize systems into
groups based on functional similarities, then
Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Executive Summary 2
increasing data quality with industry research
and state agencies’ perspectives
Determining feasibility of remediation for
groups of legacy systems and for high-value,
individual legacy systems by using industry
best practices
Objectively identifying modernization oppor-
tunities and associated estimated costs
Analysis Approach
The project required a great deal of analysis by
the project team to summarize the wealth of in-
formation gathered during the inventory phase.
This analysis was essential in forming meaningful
recommendations.
For a project of this scope, portfolio analysis
can be as broad or deep as desired—the de-
gree to which it can be either is a function of
the quality and availability of data and the time
available to conduct the analysis.
This report provides a broad analysis of state
agencies’ application portfolios (i.e., their col-
lections of IT systems, including related hard-
ware and software), and provides an evalua-
tion of technical condition, business value, and
cost of these state assets.
With the framework and tools provided by this
project, DIR and state agencies will be able to
continue the analysis to explore areas of inter-
est and gain deeper insights.
The recommendations in this report reflect the
broad analyses undertaken and identify steps
to continue progress in updating these IT sys-
tems, a process referred to as legacy moderni-
zation.
Assessment Results
The study identified more than 13,000 physical
and virtual server (hardware) instances and
100,000 software product instances that support
the state’s systems. In turn, these systems sup-
port more than 4,130 business applications.
Business application names are the high-level la-
bels used by the agency business and IT organi-
zations to easily reference a group of functions
provided by the systems.
The Legacy Systems Study found that over half of
the 4,130 business applications contained in
agency application portfolios are considered leg-
acy. This designation is based on whether a busi-
ness application relies upon hardware and soft-
ware technology that is no longer supported un-
der standard vendor support. In some cases, only
a small portion of the underlying technology is
legacy, but in the majority of cases, most of the
technology is outdated. Legacy business applica-
tions are more difficult and costly to support, are
less resilient, and are likely to carry a higher de-
gree of security risk.
The legacy portion of the statewide application
portfolio includes business applications of all
functional categories from across almost all
agencies. It encompasses large systems of rec-
ord, including many mission-critical business ap-
plications, as well as smaller systems. The legacy
applications cannot simply be dismissed because
agencies indicate that core, mission-related,
functions rely on these systems. This presents a
conundrum: these business applications are val-
uable, yet their technical underpinnings need to
be replaced or updated (remediated) to support
agencies’ IT needs.
There is a range of feasible remediation options
available for such legacy business applications,
from limited software and hardware upgrades to
full replacement, depending on the characteris-
tics of the application. The Legacy Systems Study
presents various options and maps them to dif-
ferent applications. When considering these op-
tions, it is beneficial to approach modernization
at a holistic or portfolio level so that system in-
terdependencies are considered.
Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Executive Summary 3
The state would also benefit from reducing the
number of software products and optimizing its
technology landscape to reduce costs and risks
associated with outdated or unsupported appli-
cations. For instance, there are many applica-
tions across the state that provide similar func-
tionality. Examples include applications related
to functional areas such as licensing services, or
technology areas such as reporting. In total,
agencies use over 4,200 unique software prod-
ucts, installed in over 100,000 instances, with
61% of these instances considered legacy. A re-
duction in the variance of software products
would reduce the size and complexity of the fu-
ture application landscape after remediation.
There are many reasons that the technology that
supports business applications becomes legacy.
The demand for IT always outpaces supply, and
agencies must balance investments in systems
that support daily activities and provide immedi-
ate business value with technology mainte-
nance, which provides less tangible benefits in
the short term. As the state continues to attract
more citizens and experience significant busi-
ness growth, the demand for state-provided ser-
vices increases. Because agencies are often una-
ble to add staff to meet the growing demand for
services, there becomes an increased depend-
ency upon automation to meet that need. Over
time, technical debt accumulates and becomes
harder to reconcile.
The current annual ongoing cost of the state’s
legacy portfolio, based on support effort and
software license fees, is over $300 million. Based
on a formula for a high-level remediation cost es-
timate at a portfolio level, the one-time cost to
remediate the technical debt within legacy busi-
ness applications on an agency-by-agency basis
will likely exceed $450 million when not taking
into account opportunities to share services. The
cost and complexity of individual legacy business
applications is substantial, and consolidation
would avoid redundant remediation effort.
Recommendations
Recommendation 1. Agencies should develop a
prioritized impact analysis and mitigation plan of
identified legacy system security risks.
If agencies understand and prioritize the impact
of replacing and/or upgrading aging infrastruc-
ture, business decisions can be made more eas-
ily. The identified risks are primarily a result of
running older software and hardware that can
no longer be updated with security fixes, nor
support modern security implementations.
These mitigations would not imply a full legacy
modernization, but would target security risk
mitigation. Such an analysis can result in a strat-
egy that allows for targeted upgrades that could
be implemented in phases based on available re-
sources.
Recommendation 2. Amend Texas Government
Code (TGC), Chapter 2054 to authorize DIR to de-
velop a legacy modernization strategy and to col-
laborate with agencies to use comprehensive
strategies, developed as part of the Legacy Sys-
tems Study and identified in this report, as guid-
ance in their legacy modernization efforts.
This recommendation would allow the state to
take the next step toward developing a modern-
ization strategy, both at the state level and in
concert with agencies at the agency level. The
Legacy Systems Study indicates a number of ar-
eas of prioritization based on the business value,
technical quality, and cost of business applica-
tions. The Legacy Systems Study identifies reme-
diation options, including a preliminary mapping
to business applications. However, this study is
not a comprehensive strategy toward legacy
modernization.
Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Executive Summary 4
Recommendation 3. Amend TGC 2054 to author-
ize DIR to build upon the legacy modernization
strategy by
Establishing a statewide application develop-
ment framework—A framework is a recom-
mended approach that provides direction and
structure for agencies to follow. Currently,
there is no statewide framework for software
application development.
Facilitating standardization and collabora-
tion—A modernization strategy is a roadmap
for pursuing opportunities for technology
standardization, reducing the variety of tech-
nologies within the statewide portfolio, and
seeking opportunities to consolidate business
applications into fewer solutions, both within
and among agencies.
Achieving economies of scale by leveraging
agency investments—As part of the Legacy
Systems Study, DIR sponsored a workshop
with many agencies where representatives in-
dicated an interest in common solutions and
technologies among agencies. This shared ap-
proach would yield long-term cost reduction
and operational benefits.
Recommendation 4. As part of a legacy modern-
ization strategy leveraging common solutions,
agencies should prioritize commercial off-the-
shelf (COTS) solutions over custom-developed
replacement solutions.
Standardization and consolidation should in-
clude an emphasis on shared solutions including
those delivered as services through the cloud
(i.e., via the Internet instead of through an or-
ganization’s own technology infrastructure)
where possible, reducing the number of custom-
developed business applications. The analysis of
software components indicates that there is a
high degree of custom-developed solutions,
even in application categories where there are
off-the-shelf solutions available. While agencies
have diverse business needs, custom applica-
tions that create a solution from the ground up
may not be needed.
Recommendation 5. Amend TGC 2054 to author-
ize DIR to implement a shared (multi-tenant) re-
porting services and business analytics pilot to
determine the viability of a statewide solution.
Such a capability provides administrative ser-
vices and tools to manage the IT function, includ-
ing software tools that manage data reporting
and business analytics (data analysis that reveals
trends and enables predictions for optimization
of business performance). This would allow
agencies to consolidate disparate software and
hardware onto a consolidated platform. Such a
platform, offered as a service, would accelerate
remediation of legacy reporting applications and
provide higher level business intelligence capa-
bilities to agencies.
Recommendation 6. Amend TGC 2054 to author-
ize DIR to establish a voluntary pilot program
that provides statewide application portfolio
management (APM) practices and toolsets for
agencies to implement any recommendations
following the Legacy Systems Study. An APM
would help agencies approach their IT manage-
ment from a global perspective, improve
statewide application management, and provide
opportunities for efficiencies. In the current en-
vironment, there is limited active portfolio man-
agement to guide decision-making for IT invest-
ment, or to balance business needs that drive
functionality with the requirements of maintain-
ing the technology landscape and sustaining
business applications. DIR is well positioned to
assist with the statewide perspective of portfolio
management: it has insight into agency portfo-
lios and direction and can provide advice on
Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Executive Summary 5
pragmatic application consolidation that yields
long-term benefits.
Note that all recommendations are based on and
related to only the agencies included in the
study.
_____
Texas attracts nearly half a million new citizens
annually and is prospering due to a positive busi-
ness climate, desirable quality of life, favorable
cost of living, and an independent spirit. These
characteristics challenge state government to
ensure that Texas retains its national leadership
position and continues to provide statewide ser-
vices that meet the needs of its citizenry. Agen-
cies depend upon their IT systems to deliver
state services and must be in a position to grow
these systems in an agile and fiscally responsible
manner.
This study, and the resulting recommendations,
present a unique opportunity to fully understand
the health of these systems and the actions nec-
essary to operate an efficient and cost-effective
state government.
Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | High-Level Findings 6
High-Level Findings
Architecture Analysis
The state’s application portfolio comprises more
than 4,130 business applications supported by
the state’s systems. Of these, approximately 58%
are listed as legacy because they contain legacy
components. In most cases, these legacy busi-
ness applications are supported by both legacy
software and hardware:
52% of the legacy applications use both out-
dated hardware and software
20% of the legacy applications use outdated
hardware
28% of the legacy applications use outdated
software
Mission-Critical Applications
Approximately 36% of the entire state applica-
tion portfolio is deemed mission critical by agen-
cies, while 64% is not mission critical.
Almost two-thirds of the mission-critical applica-
tions have legacy components, while the remain-
ing third is current. Just over half of non-mission-
critical applications are considered legacy, while
the remaining are current.
Overall, the mission-critical applications have a
higher legacy ratio than non-mission critical ap-
plications.
The remainder of this section presents the results of high-level analysis of the state’s business applica-
tions, which have been grouped according to 33 functional categories. DIR asked agencies to categorize
their business applications by function, realizing that a single agency-identified business application could
provide functionality in multiple categories. Agencies provided up to three prioritized categories per busi-
ness application.
Note: The functional categories are identified by short names or keywords in the charts and text below.
Each functional category is more fully defined in the Appendix (page 15).
Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | High-Level Findings 7
Hardware and Software Components by Primary Functional Category
Business applications are made up of hardware
and software components. The largest numbers
of these components are related to the following
functional categories:
Licensing/Permitting/Monitoring/
Enforcement
Business Automation
Systems Management
Reporting Systems
Web Systems
Content Management Systems
Enterprise Resource Planning
The legacy ratio between the hardware compo-
nents or software products is not significantly
different among the categories.
Hardware Components by Primary Application Category Software Components by Primary Application Category
Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | High-Level Findings 8
Legacy Remediation Cost Estimate
A high-level remediation cost estimate for the
entire legacy application portfolio across all
functional application categories is approxi-
mately $450M. The majority of remediation cost
is within the functional categories identified as
focus areas:
Business Automation
Content Management Services
Reporting
Licensing/Permitting/Monitoring/
Enforcement
Enterprise Resource Planning
Customer Relationship Management
Systems Management
Search
Average Age of Hardware Components
The average age of existing hardware compo-
nents varies across functional categories, though
not significantly. These averages would be ex-
pected to be lower when subject to a more uni-
form refresh cycle (the industry standard is to re-
fresh hardware every three to five years).
High-Level Estimate of Legacy Remediation Cost by Business Application Category
Average Age of Hardware Components
Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Recommendation 1 9
Recommendation 1
Determine the Impact of Identified Security Risks and Prioritize Mitigation
Agencies should develop a prioritized impact
analysis and mitigation plan of identified legacy
systems’ security risks. Agencies reported a
number of applications that have unresolved se-
curity risks introduced by relying on legacy sys-
tems. These security risks include the inability to
implement updates on older software, as well as
implementation configurations that diminish se-
curity capabilities. A number of the involved ap-
plications provide significant business value, and
some are mission critical. These applications can-
not wait for legacy remediation—the identified
security vulnerabilities must be addressed as
soon as possible.
Even if applications are “behind the firewall”
(guarded by network protections), it is impera-
tive to have all known security risks mitigated
with urgency. This likely requires operating sys-
tem or software product upgrades, or both. At
minimum, the impact is time and effort for im-
plementation and testing. In some cases, de-
pendencies between software products (and po-
tentially between software and hardware com-
ponents) require broader updates. A key step is
to identify these dependencies and develop a
plan to resolve the security risks with considera-
tion for the amount of change and relative im-
pact.
An impact analysis and remediation of these
risks would:
Determine the potential impact of the security
risks identified by agencies
Develop the most expedient and least disrup-
tive approach to mitigate the risks
Implement mitigation initiatives
Prioritizing the impact analysis and risk mitiga-
tion has the following benefits:
Reduces the potential vulnerability of agency
applications and data
After mitigating the risk with minimal solu-
tions, reprioritizes further remediation based
on the overall legacy remediation strategy
Recommendation 2
Develop a Legacy Modernization Roadmap Strategy
Amend TGC 2054 to authorize DIR to develop a
legacy modernization strategy and collaborate
with agencies to use the comprehensive strate-
gies as guidance in their legacy modernization ef-
forts.
Many of the remediation options are complex.
Large-scale modernization efforts carry a signifi-
cant amount of risk that can be reduced by de-
veloping a structural, yet pragmatic, approach
toward implementation.
This study assessed the statewide application
and technology portfolio, resulting in a number
of findings. Key among the findings is that the
legacy issue is widespread, both among agencies
and among application categories. It will take a
significant amount of effort and investment to
remediate the portfolio and reduce the risks as-
sociated with legacy systems, including security
vulnerabilities and lack of timely support. A com-
prehensive roadmap at the statewide level to
guide agency initiatives would drive the effort to
Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Recommendation 3 10
remediate the legacy portfolio at both state and
agency levels.
A legacy modernization strategy would:
Identify specific initiatives to remediate legacy
applications
Prioritize initiatives across agencies based on
business value and risk reduction
Develop a mechanism to track the effective-
ness of these initiatives
Establish milestones, metrics, and validation of
outcomes
Implementing a legacy modernization strategy
would provide the following benefits:
Maximizes the technology investment in terms
of business value
Ensures the proper prioritization of initiatives
Ensures the use of effective and common ap-
proaches across agencies
Recommendation 3
Leverage DIR to Establish a Statewide Application Development Framework, Standardization, and Consolidation
Amend TGC 2054 to authorize DIR to establish a
statewide application development framework
and to facilitate standardization and collabora-
tion, achieve economies of scale, and leverage
agency investments.
Recommend that DIR create a function to pro-
vide strategic information technology advice and
guidance to state agencies through direct en-
gagement to promote enterprise architecture
standards, collaborative communities, and
awareness of technical initiatives.
Statewide Application Development
Framework
The current statewide application portfolio is a
collection of agency portfolios: there is no partic-
ularly strong, coordinated driver to seek econo-
mies of scale or leverage agencies’ investments
at other agencies. There are some examples of
such collaboration at the agency level, but it is
not approached systemically. Objectives ex-
pressed in other recommendations, including
standardization and implementing a preference
for commercial off-the-shelf (COTS) solutions,
depend on a common partner to facilitate collab-
oration among agencies and to present a cohe-
sive approach to the Legislature. DIR is uniquely
positioned to perform this role.
Leveraging DIR to establish a statewide applica-
tion development framework would:
Facilitate consistent, structured cross-agency
engagements such as round–table discussions
and an application-based coordinating council
Build a community of interest
Seek ways to leverage common solutions
Enable DIR to actively pursue opportunities to
drive value from agency technology invest-
ments
Implementing a statewide application develop-
ment framework would have the following ben-
efits:
Actively implements a framework that will be
used to create a statewide legacy moderniza-
tion program
Facilitates collaboration and alignment of ap-
plication development practices among agen-
cies
Enables the recommendations to improve
standardization and increasing the use of COTS
solutions
Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Recommendation 3 11
The need to modernize legacy systems is a chal-
lenge as well as an opportunity. Rather than im-
plementing modernization as a technology-cen-
tric program, DIR can help to approach modern-
ization from an application perspective. As tech-
nology infrastructure becomes more commodi-
tized over time, the majority of cost, as well as
business benefits, are a result of organizations’
application strategies. At this stage, most agen-
cies do not have a strong discipline in this area,
and legacy modernization provides the impetus
for a statewide perspective.
Standardization and Consolidation
Amend TGC 2054 to authorize DIR investigate
the opportunity to standardize technologies for
common agency solution areas. This could re-
duce redundancy, provide better insight into
data, and leverage skills across agencies. By fo-
cusing less on the technology and more on the
implementation of the technology, the state
could develop best practices for functional areas
among agencies. The first step of the investiga-
tion would be to develop a model to quantify the
potential benefits and metrics to measure suc-
cess.
Agencies use a number of similar applications
across similar business functions, but these ap-
plications are often implemented with different
technology products, which overlap in function-
ality. Instead of approaching these applications
as unique solutions, common approaches and
technologies can be leveraged by multiple agen-
cies. A number of applications in different cate-
gories, including Customer Relationship Man-
agement (CRM), Enterprise Resource Planning
(ERP), Licensing / Permitting / Monitoring / En-
forcement (Licensing), and Search, are currently
in legacy status and need to be remediated. In-
stead of addressing these applications individu-
ally, DIR should facilitate working groups and col-
laboration with agencies to perform application-
level analysis to determine commonalities and
pursue common solutions.
Standardization and increased shared solutions
would:
Replace distributed technologies with com-
mon solutions
Introduce best practices-based approaches
across agencies
Potentially replace distributed hardware with
centralized and shared hardware
Establish common test environments for agen-
cies to quickly ramp-up projects
Standardization and increased shared solutions
have the following benefits:
Improves the time-to-market to deploy solu-
tions through shared knowledge and experi-
ence
Encourages collaboration among agencies
across the state
Develops an understanding of common data
and encourages sharing data among different
agencies in the same business areas
Allows for sharing of expertise and skills
Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Recommendation 4 12
Recommendation 4
Seek Commercial Off-the-Shelf Solutions over Custom-Developed Solutions
As part of a legacy modernization strategy, the
state should seek to prioritize the implementa-
tion of COTS-based solutions wherever it makes
practical sense. COTS solutions include cloud-
based implementations, particularly Software-
as-a-Service (SaaS, or sharing applications) and
Platform-as-a-Service (PaaS, or sharing the tech-
nology to build applications) solutions.
Of the many business applications in use across
agencies, there is an emphasis on custom-devel-
oped solutions. Although the use of a COTS prod-
uct as the main solution is not explicitly tracked,
the number of COTS products among the most
commonly used software in application catego-
ries is limited. The number of different software
products in use is large, and there are many spe-
cific solutions. In many cases where agencies
have embarked upon legacy modernization pro-
grams, they have adopted a preference for
COTS-based solutions over custom-developed
replacement, especially for slowly evolving sys-
tems that provide transactional functionality.
A preference for COTS-based solutions over cus-
tom-developed solutions would:
Replace existing legacy custom applications
with COTS-based solutions
Standardize COTS products across agencies in
similar functional areas
Leverage industry best practices, embedded in
COTS solutions, to support future state busi-
ness processes across agencies
Implementing a higher degree of COTS solutions
would have the following benefits:
Reduce the complexity of the statewide appli-
cation portfolio
Reduce the number of technologies
Reduce the dependency on specialized re-
sources only found within a small number of
agencies
Encourage collaboration among agencies
across the state
Encourage data sharing data between differ-
ent agencies in the same business areas
Recommendation 5
Consolidate Reporting and Analytics into Consolidated Business Intelligence Services
Amend TGC 2054 to authorize DIR to implement
shared (multi-tenant) reporting services and
business analytics capabilities. This could reduce
redundancy, provide better insight into data,
and standardize skills across agencies. By reduc-
ing agencies’ need to focus on distributed re-
porting technology, they would be better
equipped to focus on establishing and tracking
key performance indicators.
Many agencies deploy reporting and data ware-
housing capability, either as a focused applica-
tion category or as part of business automation,
Customer Resource Management (CRM), and
other types of applications. Agencies use a vari-
ety of reporting tools, and a significant portion
are considered legacy. In some cases, reporting
is performed against applications’ operational
databases, but in other cases (and following best
practices), agencies establish separate reporting
databases.
Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Recommendation 6 13
There is an opportunity to consolidate reporting
capability into a shared service, which would
provide agencies with the tools and technologies
needed to perform reporting and/or data ware-
housing, especially in cases where agencies uti-
lize separate reporting databases.
This shared service would:
Provide agencies with consolidated, up-to-
date, and maintained tooling
Replace distributed reporting hardware with
centralized and shared hardware
Provide standardized and powerful data
cleansing and aggregation tools
A shared reporting service has the following ben-
efits:
Reduces the proliferation of hardware and
software related to common reporting func-
tions
Encourages sharing of data and establishment
of master data across the state
Reduces the risk of reporting applications be-
coming legacy in the future
Allows for sharing of expertise and skills
Recommendation 6
Implement Application Portfolio Management Practices
Amend TGC 2054 to authorize DIR to establish a
voluntary pilot program that provides statewide
application portfolio management (APM) prac-
tices and toolsets supporting agency implemen-
tation of any recommendations following the
Legacy Systems Study. This could provide con-
sistency in the data, enabling reliable review and
continuous improvement across the state enter-
prise. It also allows agencies opportunity to col-
laborate more effectively on similar business re-
quirements. It may be one of the first steps to
deploying statewide Master Data Management,
Application Programming Interface (API) service
registry, and Enterprise Service Bus solutions.
APM’s goal is to describe the inventory of appli-
cations and the resources (e.g., money, staff
time, infrastructure) required to provide opera-
tional support of those applications over their
lifetime. APM is closely related to governance
and how an agency ensures that applications are
aligned with agency business needs, enterprise
architecture (alignment of people, processes,
technology), and tracking of effective metrics to
measure the cost/value proposition of applica-
tions relative to each other within an agency (or
state) portfolio. APM should guide the invest-
ment decisions for an application’s lifecycle, par-
ticularly balancing between adding features,
maintaining infrastructure currency, and mod-
ernizing the platform. Effective implementation
of APM is an indicator of an organization’s infor-
mation technology services maturity and its abil-
ity to respond to business requirements.
Application portfolio management is used to:
Identify application investment requirements
Identify and tracks costs
Establish application lifecycle expectations (at
least estimations)
Measure, report, and adjust values and expec-
tations
Track against original expectations
Track large changes to requirements over the
life of the application
Application portfolio management provides the
following benefits:
Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Recommendation 6 14
Ensures ease of ongoing visibility to applica-
tions’ relative business value
Guides the business and information technol-
ogy organizations in prioritization
Enables rationalization across business,
agency, and enterprise where possible
Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Appendix 15
Appendix
Functional Category Definitions
Application Development (AppDev)
Components related to the development and
maintenance of applications.
Backup/DR Systems (Backup)
Components related to disaster recovery, data
backup, and business continuity.
Business Automation (Business)
Manages the integration of systems via mes-
saging, transformation of data, and scheduling
of transactions.
Content Management Systems (CMS)
Includes document management (born-digital
documents, not scanned), electronic records
management, web-content management,
knowledge management, search and retrieval,
content categorization (taxonomy), digital
preservation, and email archiving.
Customer Relationship Management (CRM)
Includes service and support systems designed
to increase the productivity and efficiency of
support staff who are required to support con-
stituents and service requestors. This is a
front-office customer service and support cat-
egory.
Data Warehousing (DW)
Includes reporting, analytics, and business in-
telligence in order to support data analysis and
decision-making tasks.
Desktop Productivity (Productivity)
Equipment, applications, or services used to
aid employees with their productivity.
Document Management Systems (DocMgmt)
Includes different aspects of converting paper
documents to electronic form, such as imag-
ing, scanning, indexing, electronic forms, back-
file conversion, workflow, optical character
recognition, computer output to laser disk,
and computer output to microfiche.
E-Commerce (Ecomm)
The buying and selling of products or services
conducted over electronic systems such as the
Internet and other computer networks. Elec-
tronic commerce draws on technologies such
as mobile commerce, electronic funds trans-
fer, supply chain management, Internet mar-
keting, online transaction processing, elec-
tronic data interchange (EDI), inventory man-
agement systems, and automated data collec-
tion systems.
Enterprise Resource Planning (ERP)
Includes the administration of an organiza-
tion’s financial and human resources back-of-
fice systems that include general ledger, ac-
counts payable, accounts receivable, budget-
ing, inventory, asset management, billing, pay-
roll, projects, grants, payroll, and time and la-
bor.
ERP Secondary (ERP Secondary)
Ancillary accounting applications that gather
and feed data to a primary accounting system
(cash management, employee time, and leave
tracking).
Fax Services Systems (Fax)
Fax Services Systems allows for the produc-
tion, retrieval, storage, and printing of faxes to
and from the agency.
Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Appendix 16
File Services (File)
Standard file and data storage used for daily
business operations.
Fleet Management (Fleet)
The management of a company’s transporta-
tion fleet. Fleet management includes com-
mercial motor vehicles such as cars, ships,
vans, trucks, and rail cars. Fleet management
can include a range of functions, such as vehi-
cle financing, vehicle maintenance, vehicle
telematics (tracking and diagnostics), driver
management, speed management, fuel man-
agement, and health and safety management.
Geographic Information Systems (GIS)
Includes the capturing, storing, updating, ma-
nipulating, analyzing, displaying, and/or online
publishing of geographically referenced infor-
mation.
Identity Management (IAM)
Includes components providing authentication
and authorization, such as single sign-on, digi-
tal certificates, etc.
Legislative Tracking (Legislative)
Data repository used to track new and old leg-
islation that may apply to an agency. Allows
the agency to plan for, respond to, and man-
age change resulting from the legislation.
Licensing/Permitting/Monitoring/Enforcement
(Licensing)
Includes systems that support licensing and/or
permitting functions of the agency, and/or re-
lated activities such as compliance monitoring
and enforcement.
Messaging/Email Systems (Email)
Components supporting messaging systems,
including email, instant messaging, and their
security.
Online Web Forms (WebForms)
Web-based online forms for data entry to a
back-end system.
Print Services (Print)
Devices providing standard print services func-
tion for daily business operations.
Procurement (Procurement)
The acquisition of goods, services, or works
from an outside external source.
Reporting Systems (Reporting)
Toolsets and applications that have the proper
drivers to attach to databases and provide re-
porting for the various agency needs.
Search System (Search)
Tool for searching back-end systems.
Security Systems (Security)
Includes network and client-based firewall and
virtual private network (VPN) deployments; in-
trusion prevention or detection systems
(IPS/IDS); server-based access controls (e.g.,
biometrics, smart cards/other one-time pass-
word tokens); encryption (for data in transit,
files, public key infrastructure); IT security de-
sign reviews; vulnerability scanning, assess-
ment and testing; malware blocking tools (e.g.,
application-level attack blocking, virus, spy-
ware, adware, and spam management); auto-
mated patch management and security policy
compliance tools; physical security for IT as-
sets; and the implementation of forensics, risk,
or security assessment tools.
Legacy Systems Study: Assessment and Recommendations | PUBLIC REPORT Texas Department of Information Resources | October 2014 | Appendix 17
Systems Management (SysMgmt)
Systems management addresses technologies
used to manage and monitor the network,
servers, applications, and other elements of
the IT infrastructure, which can include sys-
tems management and monitoring, perfor-
mance management, change and release man-
agement, and software distribution.
Telephony Systems (Telephony)
Includes interactive voice response (IVR), voice
over Internet protocol (VoIP), hosting and
management of call centers or contact cen-
ters.
Terminal Access Systems (Terminal Access)
Services that allow connectivity to external
systems with which the agency must share
data. For example, connectivity to applications
from the Texas Comptroller of Public Accounts
that make up the agency primary accounting
system. Also includes remote access compo-
nents such as Citrix, XenApp, Radius, etc.
Timekeeping Systems (Timekeeping)
Agency system used to document time spent
by staff on projects.
Training (Training)
Provide interface for presenting training mate-
rials and tracking completion.
Utility Systems (Utility)
These may be hosted domain name system
(DNS) services, dynamic host configuration
protocol (DHCP) services, virtualization ser-
vices, system monitoring, logical security ser-
vices, terminal emulation services, remote ac-
cess services, or others that are applied to one
or more other servers.
Videoconferencing/Web Broadcasting
(VideoConferencing)
Includes two-way analog or IP-based video-
conferencing, as well as IP-based video broad-
casting (one-way, one-to-many, and replay).
Web Systems (Web)
Public facing or internal agency websites and
their supporting components (security, moni-
toring, etc.); includes FTP sites.